The anatomy of a South African ransomware attack

June 02, 2023 || Strategix

South Africa is the epicenter of global ransomware attacks. Here is how cybercriminals target the nation’s biggest organisations.

Over the past two years, 80% of South African companies have reported a ransomware attack, and ransomware is one of the most prevalent attack vectors. The hits just keep on coming, with numerous high-profile attacks affecting service delivery and costing the country and organisations both time and money.

There’s the City Power attack that crippled the power company to the point where customers couldn’t purchase power for several days, leaving them stranded and the company struggling to find its feet. Nothing was released about how the ransomware got into the utility, but it managed to lock up systems so effectively that City Power had to pull in external expertise.

The Transnet attack that took place in 2021 was linked to the Death Kitty ransomware making the rounds at the time. The company found out about the attack when they found a ransom note on the computer system and directions to a chat portal on the dark web to resolve the problem. Transnet didn’t pay the hackers any money and managed to resolve the threat but only after systems were brought to a crippling and expensive halt.

Then there was the attack on TransUnion that affected thousands of people and saw the company provide those affected with free identity theft protection for a year as a way of apologising for the mistake and helping them protect themselves. Porsche fell victim to an attack in February 2023, the Department of Justice and Constitutional Development was brought to its digital knees as it battled an extensive attack in September 2021, and ORT SA had a catastrophic attack that affected its business significantly.

South Africa is one of the worst-hit cybercrime regions in the world.

The ransomware threats are more sophisticated in and of themselves, with Ransomware-as-a-Service becoming increasingly popular with cybercriminals, putting expert hackers and ransomware at their disposal, on demand. This situation is made even more challenging by the fact that many companies still think security is an IT problem, not a business problem.

When the attack hits, it’s an everyone problem.

Why? Because in the event of a successful attack, the company comes under scrutiny. Who clicked on the link that granted the ransomware access to the company? Who had the compromised credentials, and why? Did the company put the right protections in place or is it liable for further investigation and a possible fine under POPIA? Why didn’t the protections that the company put in place work? Are there protections?

Then there is the cost of time spent resolving the problem and mitigating the damage, the cost of downtime, reputational loss, business loss and repair, and the cost of rebuilding systems in the aftermath. This is the true anatomy of a cybercrime - the completely pervasive impact that the attack has on every part of your company’s ecosystem.

Which is why security is a critical investment. It has moved from a grudge purchase to an investment into the holistic wellbeing of your company that ensures your systems, customers and people are protected and that you are prepared for the threats. Discover how Strategix can help you redefine your security posture and give you peace of mind.
